apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,322 Commits 304 Branches 324 Tags
Commit Graph

72 Commits

Author SHA1 Message Date
alena
a1331d1cfc Intermidiate checkin to Project feature: 
1) Introduce new managers - ProjectManager and DomainManager. Moved all domain related code from AccountManager to DomainManager.
2) Moved some code from ManagementServerImpl to the correct managers.
3) New resource limit for Domain - Project
 2011-09-20 18:35:28 -07:00
alena
2138f86bb3 bug 11447: don't do security group check if both groups belong to the same domain 
status 11447: resolved fixed
 2011-09-15 10:08:00 -07:00
Chiradeep Vittal
65fb83035f Enable monitoring over JMX 
Add the ability to disable some vms from being scheduled

Add ability to trigger ruleset updates from JMX

added a few more dangerous JMX operations
 2011-09-12 18:20:24 -07:00
Chiradeep Vittal
c21a214372 if true, this could lead to the dog chasing its own tail 2011-09-12 18:20:23 -07:00
Chiradeep Vittal
b52d1157e9 use the new implementation of SG manager 2011-09-12 18:20:22 -07:00
Chiradeep Vittal
abf4754503 New security group mgr WIP : memory based queueing 2011-09-12 18:20:22 -07:00
Chiradeep Vittal
f41b352d36 revert egress rules implementation pending review 
Reverts a19212703b9734ebd44ebf55cfdd81ebdc9d7fe4
Reverts 24e4e44b8f0712a37147a3777833de3f9e24829e
 2011-09-12 14:45:58 -07:00
Chiradeep Vittal
d817f3c364 Revert "bug 10617: Added Egress rules to Security groups." 
revert pending review

This reverts commit a19212703b9734ebd44ebf55cfdd81ebdc9d7fe4.
 2011-09-12 14:45:58 -07:00
Chiradeep Vittal
e216686029 Revert "bug 10617: Intermediate checking" 
revert pending review

This reverts commit 561b27565512d438db3d8896df6f97b644b0b498.
 2011-09-12 14:45:58 -07:00
Naredula Janardhana Reddy
f9b0962ad9 bug 10617: Intermediate checking 
Changes :
         - Fixing API doc +response name + errorMessage
         - Adding seperate events to Egress rules
         - Egress rules Using the same database table as that of ingress with new column type.

   Pending Tasks:
         - db upgrade
         - database table rename from security_ingress_rule to generic name, renaming some of the jave class from ingress to generic name.
         - Retesting on kvm
 2011-09-09 18:14:19 +05:30
Naredula Janardhana Reddy
854f81962f bug 10617: Added Egress rules to Security groups. 
Description :
   API's:
     -  Two new api's authorizeSecurityGroupEgress,revokeSecurityGroupEgressCmd are added. These two API's are similer to ingress rule API's.
           - authorizeSecurityGroupEgress :Authorizes a particular egress rule for this security group . Usageof API is very similer to that of authorizeSecurityGroupIngress except that instead of source cidr  there will be destination cidr. By default like ingress, all the outgoing flows are blocked.
           - revokeSecurityGroupEgress : It is similer to revokeSecurityGroupIngress api, It removes the egress rule.
     -  listSecurityGroup API's response changed. It include's egress list apart from the existing ingress rules in the output of the API.

   Hypervisors :
      - It is implemented in Xen and KVM.

   Pending Tasks :  Blocking using destination security groups.

   Previous commits: c9fda641673df7701f44963ef27e1d488f121219 , 24e4e44b8f0712a37147a3777833de3f9e24829e
 2011-08-30 16:28:35 +05:30
Naredula Janardhana Reddy
9feb05ac13 bug 10617: This is Intermediate commit for Egress rules implementation in security groups. 
previous commit: c9fda641673df7701f44963ef27e1d488f121219 ( this under bug 1067, typing error)
        changes: 1) partially implemented  listing of egress rules along with ingress rules.
                 2) partially implemneted egress rules for KVM
 2011-08-25 12:18:33 +05:30
alena
ee9fbf10b6 Method signature change 2011-08-24 14:56:37 -07:00
alena
e3f179844e bug 11236: domainAdmin/regularUser can edit/delete/copy/extract Public template/iso only if it was created by them. They still can use/see public template/iso when execute list/deploy/attachIso commands. Root admin can operate with other people templates w/o any restrictions. 
status 11236: resolved fixed
 2011-08-24 14:48:35 -07:00
alena
8a7feb8ec1 Merge branch '2.2.y' 
Conflicts:
	agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
	api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java
	api/src/com/cloud/agent/api/to/FirewallRuleTO.java
	api/src/com/cloud/agent/api/to/IpAddressTO.java
	api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
	api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
	api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
	api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
	api/src/com/cloud/api/commands/UpdateNetworkCmd.java
	api/src/com/cloud/api/response/CapabilitiesResponse.java
	api/src/com/cloud/network/Network.java
	api/src/com/cloud/network/NetworkService.java
	api/src/com/cloud/network/firewall/FirewallService.java
	api/src/com/cloud/network/lb/LoadBalancingRule.java
	api/src/com/cloud/network/lb/LoadBalancingRulesService.java
	api/src/com/cloud/network/rules/FirewallRule.java
	api/src/com/cloud/network/rules/RulesService.java
	api/src/com/cloud/offering/NetworkOffering.java
	client/tomcatconf/commands.properties.in
	cloud.spec
	core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
	core/src/com/cloud/storage/template/DownloadManagerImpl.java
	core/src/com/cloud/vm/DomainRouterVO.java
	debian/cloud-deps.install
	patches/systemvm/debian/config/etc/init.d/cloud-early-config
	patches/systemvm/debian/config/root/ipassoc.sh
	patches/systemvm/debian/config/root/loadbalancer.sh
	scripts/vm/hypervisor/kvm/rundomrpre.sh
	scripts/vm/hypervisor/xenserver/vmops
	server/src/com/cloud/agent/manager/AgentAttache.java
	server/src/com/cloud/agent/manager/AgentManagerImpl.java
	server/src/com/cloud/agent/manager/AgentMonitor.java
	server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
	server/src/com/cloud/alert/ClusterAlertAdapter.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/api/ApiServer.java
	server/src/com/cloud/cluster/ClusterManagerImpl.java
	server/src/com/cloud/configuration/Config.java
	server/src/com/cloud/configuration/ConfigurationManager.java
	server/src/com/cloud/configuration/ConfigurationManagerImpl.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/deploy/FirstFitPlanner.java
	server/src/com/cloud/ha/HighAvailabilityManagerImpl.java
	server/src/com/cloud/host/dao/HostDaoImpl.java
	server/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
	server/src/com/cloud/network/LoadBalancerVO.java
	server/src/com/cloud/network/NetworkManager.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/FirewallRulesDao.java
	server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
	server/src/com/cloud/network/element/DhcpElement.java
	server/src/com/cloud/network/element/VirtualRouterElement.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
	server/src/com/cloud/network/rules/FirewallManager.java
	server/src/com/cloud/network/rules/FirewallRuleVO.java
	server/src/com/cloud/network/rules/PortForwardingRuleVO.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
	server/src/com/cloud/network/rules/StaticNatRuleImpl.java
	server/src/com/cloud/network/security/SecurityGroupListener.java
	server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
	server/src/com/cloud/offerings/NetworkOfferingVO.java
	server/src/com/cloud/server/ConfigurationServerImpl.java
	server/src/com/cloud/server/ManagementServerImpl.java
	server/src/com/cloud/storage/StorageManager.java
	server/src/com/cloud/storage/StorageManagerImpl.java
	server/src/com/cloud/storage/dao/VMTemplateHostDaoImpl.java
	server/src/com/cloud/storage/download/DownloadMonitorImpl.java
	server/src/com/cloud/upgrade/DatabaseUpgradeChecker.java
	server/src/com/cloud/upgrade/dao/Upgrade228to229.java
	server/src/com/cloud/upgrade/dao/Upgrade229to2210.java
	server/src/com/cloud/user/AccountManagerImpl.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
	server/src/com/cloud/vm/VirtualMachineManagerImpl.java
	server/src/com/cloud/vm/dao/DomainRouterDao.java
	server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
	setup/db/create-index-fk.sql
	setup/db/create-schema.sql
	setup/db/db/schema-222to224.sql
	setup/db/db/schema-227to228.sql
	setup/db/db/schema-228to229.sql
	setup/db/db/schema-229to2210.sql
	tools/testClient/README
	ui/scripts/cloud.core.instance.js
	utils/src/com/cloud/utils/SerialVersionUID.java
	utils/src/com/cloud/utils/db/ConnectionConcierge.java
	utils/src/com/cloud/utils/db/Merovingian2.java
	utils/src/com/cloud/utils/db/Transaction.java
	utils/src/com/cloud/utils/nio/Link.java
	utils/src/com/cloud/utils/nio/NioConnection.java
	utils/src/com/cloud/utils/time/InaccurateClock.java
 2011-08-22 20:28:30 -07:00
Naredula Janardhana Reddy
4369b0ba96 bug 1067: 
- covered basic impelementation for xen, need to test corner cases.
      - Not implemneted: kvm, vmware , listing of egress rules.
 2011-08-19 11:10:16 +05:30
alena
2c1df02ba1 Removed unused imports 2011-08-18 15:02:04 -07:00
alena
0afa6f052f bug 11167: no need to lock account when create security group to ensure that the group name is unique for account. If group already exists in the db, and we try to persist it again, mysql constraint (groupName, accountId) will fail and exception will be thrown. 
status 11167: resolved fixed
 2011-08-18 10:16:37 -07:00
alena
0cdb67fdc7 bug 11167: no need to lock account when create security group to ensure that the group name is unique for account. If group already exists in the db, and we try to persist it again, mysql constraint (groupName, accountId) will fail and exception will be thrown. 
status 11167: resolved fixed
 2011-08-18 10:16:20 -07:00
Chiradeep Vittal
fd1dbe9683 bug 10884: do not lock if not necessary 2011-08-02 13:51:26 -07:00
Alex Huang
5c543ffdb1 bug 10884: fixed a bug where the security group keeps processing a vm that has been removed 2011-08-02 10:45:29 -07:00
Alex Huang
92b8b29fe4 Revert "sg improvements. don't use global lock" 
This reverts commit 1d9961c588976a910d60c6420487c29a9080b73a.
 2011-08-02 03:49:30 -07:00
Alex Huang
79ddba246d Revert "looks like lock tables don't return the tables locked" 
This reverts commit 76781c10f8534acdd6f81c46952f88ade941e269.
 2011-08-02 03:48:57 -07:00
Alex Huang
91550836cf looks like lock tables don't return the tables locked 2011-08-02 02:10:47 -07:00
Alex Huang
6905a1db1d sg improvements. don't use global lock 2011-08-01 22:59:59 -07:00
Chiradeep Vittal
efaa63a428 bug 10884: try out a global lock instead of per-vm locks 2011-08-01 18:52:06 -07:00
Chiradeep Vittal
b4b87b1de8 bug 10920: avoid deadlocks by avoiding locks on the index on step 2011-08-01 15:32:23 -07:00
Chiradeep Vittal
3951699542 bug 10920: convert seconds to milliseconds 2011-07-30 18:19:58 -07:00
Chiradeep Vittal
f49469270e bug 10920: avoid deadlocks by not using order by random 2011-07-30 12:54:50 -07:00
Chiradeep Vittal
41e6aeae96 bug 10884: 
1. cleanup was scheduled wrong (seconds vs ms)
2. when finding a work item to do, lock one random row to reduce contentions by thundering herds of workers
3. cleanup thread also finds scheduled work items and gets threads to work on them. this way other mgmt servers can take jobs
4. add lots of trace logs
5. commit transactions when returning early
 2011-07-29 16:28:06 -07:00
Alex Huang
c00b9bf5aa fixed problems with security group. it's possible for threads to disappear due to exceptions. Also it needed to define in memory transaction boundary 2011-07-29 10:41:36 -07:00
Chiradeep Vittal
1226a49976 bug 10884: use the proper keys this time 2011-07-27 17:58:59 -07:00
Chiradeep Vittal
8cc694a579 bug 10884: bump up thread pool and cleanup less often 2011-07-27 14:44:52 -07:00
alena
30e8ed3ab6 Don't allow to specify security groups when deployVm in Vmware setup. 
Also fixed a couple of other problems:
* verify security group ids before vm creation
* don't create "default" security group (if missing) as a part of deployVm process when vm is deployed from vmWare template
 2011-05-20 18:52:58 -07:00
alena
c2afcdec52 bug 9873: always add default security group to the SG list when deploy vm in 1) Basic zone 2) Advance zone using SG enabled network 
status 9873: resolved fixed

Following fixes were made as a part of the checkin:

* When deploy user vm and SG doesn't exist in the DB, create it automatically.
* SecurityGroup enabled use vm start: if map to default group is not present in security_group_vm_map table, create one.
* Added "name" (securityGroupName) parameter back to deleteSecurityGroup/authorizeSecurityGroupIngress/deployVm. Mutually exclusive with security group id parameter.

Conflicts:

	api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
	api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
	api/src/com/cloud/api/commands/DeployVMCmd.java
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
 2011-05-17 15:08:13 -07:00
alena
5db28c57e4 bug 9492: allow security group removal when it has ingress rules, but not assigned to any vms yet 
status 9492: resolved fixed
 2011-04-25 16:43:39 -07:00
alena
41e5e38fef bug 9336: securityGroups can be used by other securityGroups in the same domain only; no cross domain SG authentication 
status 9336: resolved fixed

Following changes were made:

* deleteSecurityGroup/authorizeSecurityGroupIngress - removed account/domainId parameters as SG is uniquely identified by id now
* removed account_name field from securityGroup DB table; removed allowed_security_group/allowed_sec_grp_acct from security_ingress_rule.
These values were used for api response generation only for performance purposes; added caching on API level to improve performance
* Added missing security checks for securityGroups/ingressRules
 2011-04-22 11:35:29 -07:00
alena
1a6d78eae4 Code cleanup. No need to declare runtime exceptions (CloudRuntimeException, InvalidParameterException, PermissionDenied exceptions) 2011-04-21 16:26:53 -07:00
Frank
92155522f2 Add license header to files 2011-04-14 11:23:14 -07:00
nit
debe236a8d bug 8710: CONTD....Introducing a new user role in cloudstack called RESOURCE_DOMAIN_ADMIN. The role would have all the domain_admin rights and the rights to list zone,pods,clusters and so on. More info in the bug 2011-04-11 19:40:37 +05:30
alena
a47a4c8cfe bug 9272: fixed the race condition bug when we tried to remove vm from SG after it was expunged (expunge interval was really small, 60 sec). 
status 9272: resolved fixed

When do search for vm, do includingRemoved search.
 2011-04-04 15:47:14 -07:00
alena
1932652125 bug 5912: Added events and logging for securityGroup create/delete 
status 5912: resolved fixed
 2011-03-25 15:23:18 -07:00
alena
1cf735c537 bug 8968: use search criteria when list security group by id 
status 8968: resolved fixed
 2011-03-14 13:45:11 -07:00
Edison Su
8eaa53f282 fix transaction rollback in security group listener, which cause state machine update failed 2011-03-04 10:58:24 -05:00
Edison Su
9ad5139fda fix delete security group rule 2011-03-03 13:44:48 -05:00
Edison Su
8240ae7e8c fix migration 2011-02-28 12:16:40 -05:00
Edison Su
b20808d223 minor fix 2011-02-28 12:16:40 -05:00
Edison Su
9b51886850 fix migration issue 2011-02-28 12:16:40 -05:00
Edison Su
adbd20ca5a bug 8655: add security group for direct tagged network 2011-02-23 15:53:14 -05:00
alena
15f59e6f58 bug 8637: throw ResourceAllocationException when resource limit is exceeded. 
status 8637: resolved fixed
 2011-02-18 12:26:58 -08:00